CVE-2022-20821
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.
EPSS 8.84% · 92.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ios_xr | |
| Cisco | Cisco IOS XR Software | n/a |
Exploit Intelligence
- CIRCL seen: CVE-2022-20821 (circl-sighting)
- CIRCL seen: CVE-2022-20821 (circl-sighting)
- CIRCL seen: CVE-2022-20821 (circl-sighting)
- CIRCL seen: CVE-2022-20821 (circl-sighting)
- CIRCL exploited: CVE-2022-20821 (circl-sighting)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20821 (circl)
- 20220520 Cisco IOS XR Software Health Check Open Port Vulnerability (circl)
- kev.json (github-poc)
- kev.json (github-poc)
- kev.json (github-poc)
…and 7 more exploits
Timeline
- May 23, 2022 CISA KEV Added
- May 23, 2022 PoC Published
- May 26, 2022 CVE Published
- May 27, 2022 EPSS Score
- Jul 16, 2022 EPSS Score
- Oct 21, 2022 EPSS Score
- Dec 9, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 16, 2023 EPSS Score
- May 4, 2023 EPSS Score
- Jun 14, 2023 PoC Published
- Aug 10, 2023 EPSS Score